cvelist (GitHub_M) CVELIST:CVE-2021-32664
History: Oct 19, 2021 - 5:45 p.m.

CVE-2021-32664 Reflected XSS in Combodo/iTop

CWE-79
GitHub_M
www.cve.org

CVSS3: 8.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

AI Score: 7.9
Confidence: High
EPSS: 0.001
Percentile: 40.4%

Combodo iTop is an open source, web based IT Service Management tool. In affected versions there is an XSS vulnerability on the “run query” page when logged in as administrator. This has been resolved in versions 2.6.5 and 2.7.5.

CNA Affected

[
  {
    "product": "iTop",
    "vendor": "Combodo",
    "versions": [
      {
        "status": "affected",
        "version": "< 2.6.5"
      },
      {
        "status": "affected",
        "version": ">= 2.7.0, < 2.7.5"
      }
    ]
  }
]
